Chapter 8 - Virtual Private Networks and Remote Access

Abstract

The Virtual Private Network (VPN) provides network privacy on a local area network (LAN), wide area network (WAN), and remote access scale for many different types of people. This chapter discusses VPN and highlights the ways in which internet protocol security (IPSec) feature of a Cisco system work within a VPN to prevent security breaches on a network. A VPN is deployed on a shared infrastructure, employing the same security, management, and throughput policies applied in a private network. Therefore, it can take many different forms and be implemented in various models such as peer VPN model, overlay VPN model and link layer VPN. The chapter describes all these models. Layer 2 Transport Protocol (L2TP) is a key building block for VPNs in the dial access space. The chapter discusses techniques to configure Cisco L2TP that could be used for serving the unique security needs of an organization. IPSec is a framework of open standards for ensuring secure private communications over public internet protocol (IP) networks. It is deployed for security at the network layer, from where it secures the applications without revealing its security mechanisms to applications. The chapter describes the architecture of the IPSec protocol focusing on security features of each component of the architecture. It also discusses the relation between IPSec and Cisco Encryption Technology (CET), and provides methods to configure the IPSec feature of Cisco internet operating system (IOS).